CVE-2001-0821
Published 2001-12-06
Priority P4 · 19 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.87% (88.9th percentile)
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
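A defender-side check for the exposure described above, as an added example that is not part of the original entry: it scans web server access logs for requests to the two file names the CVE names and separates served files from failed probes. The Common/Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# File names from the CVE description. The directory layout below cgi-bin
# differs per install, so only the final path component is matched.
SENSITIVE = {"orders.txt", "auth_user_file.txt"}

# Common/Combined Log Format (assumed; adjust for your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def classify(line):
    """Return (ip, verdict, path, status) for a hit, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx, collapse ./ and ../, then lowercase
    # (over-inclusive on case-sensitive hosts, which is fine for triage).
    raw_path = m["target"].split("?", 1)[0]
    path = posixpath.normpath(unquote(raw_path)).lower()
    if "/cgi-bin/" not in path or posixpath.basename(path) not in SENSITIVE:
        return None
    status = int(m["status"])
    # A GET answered with 200/206 means the file body was served.
    served = m["method"] == "GET" and status in (200, 206)
    return (m["ip"], "DISCLOSED" if served else "PROBE", path, status)

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2001:10:02:11 +0000] "GET /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 200 48213',
    '203.0.113.7 - - [18/Jun/2001:10:02:15 +0000] "GET /cgi-bin/DCShop/Auth_data/auth_user_file.txt HTTP/1.0" 403 289',
    '198.51.100.4 - - [18/Jun/2001:10:05:40 +0000] "GET /cgi-bin/DCShop/Orders/%6Frders.txt?x=1 HTTP/1.0" 200 48213',
    '192.0.2.9 - - [18/Jun/2001:10:06:02 +0000] "GET /cgi-bin/search.cgi?q=orders.txt HTTP/1.0" 200 5120',
    '192.0.2.9 - - [18/Jun/2001:10:06:30 +0000] "GET /docs/orders.txt HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for ip, verdict, path, status in scan(SAMPLE_LOG):
        print(f"{verdict:9} {status} {ip:14} {path}")
```

A DISCLOSED hit means the file body was returned to the client, so the order data or administrator credentials it held should be treated as exposed.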
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dcscripts | dcshop | — | — |
No detection rules found.
Exploit-DB
DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)
exploitdb·2001-06-18
---
source: https://www.securityfocus.com/bid/2889/info
DCShop is a CGI-based ecommerce system from DCScripts.
Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private customer information, as well as the DCShop administrator login ID and password.
http://theTargetHost/cgi-bin/DCShop/Orders/orders.txt
Exploit-DB
DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)
exploitdb·2001-06-18
---
source: https://www.securityfocus.com/bid/2889/info
DCShop is a CGI-based ecommerce system from DCScripts.
Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private customer information, as well as the DCShop administrator login ID and password.
http://theTargetHost/cgi-bin/DCShop/Auth_data/auth_user_file.txt
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
http://www.dcscripts.com/dcforum/dcshop/44.html
http://www.securityfocus.com/bid/2889
https://exchange.xforce.ibmcloud.com/vulnerabilities/6707